From 882bf2849f3594d042fc45f1396ea54ab033f7d7 Mon Sep 17 00:00:00 2001 From: Christos Tsantilas Date: Mon, 19 Jan 2015 14:11:08 +0200 Subject: [PATCH] SSL_OP_NO_TICKET SSL option to http[s]_port If this option is set the TLS ticket extension disabled. When TLS ticket extension is disabled squid is still able to use SSL shared sessions if this feature is not disabled. This is a Measurement Factory project --- src/cf.data.pre | 1 + src/ssl/support.cc | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/src/cf.data.pre b/src/cf.data.pre index 21d149dc2b..322f0918db 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1808,6 +1808,7 @@ DOC_START NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges + SSL_OP_NO_TICKET Disables TLS tickets extension ALL Enable various bug workarounds suggested as "harmless" by OpenSSL Be warned that this reduces SSL/TLS diff --git a/src/ssl/support.cc b/src/ssl/support.cc index 7af1dbbe41..f174090b30 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -457,6 +457,11 @@ ssl_options[] = { { "No_Compression", SSL_OP_NO_COMPRESSION }, +#endif +#if SSL_OP_NO_TICKET + { + "SSL_OP_NO_TICKET", SSL_OP_NO_TICKET + }, #endif { "", 0 -- 2.47.3
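Review bot: The new `ssl_options[]` entry exposes the option as `"SSL_OP_NO_TICKET"`, while the neighbouring entry in this hunk maps `"No_Compression"` to `SSL_OP_NO_COMPRESSION` and the documented names in the `src/cf.data.pre` hunk (`NO_TLSv1_2`, `SINGLE_DH_USE`) also drop the `SSL_OP_` prefix. I would name it `"NO_TICKET"` in both the table and the documentation line so the configuration names stay uniform. The guard `#if SSL_OP_NO_TICKET` makes the preprocessor evaluate the macro's expansion, which only works while the library headers define it as something the preprocessor can evaluate; `#if defined(SSL_OP_NO_TICKET)` tests availability without that dependency. When the macro is absent the entry is compiled out, so it is worth confirming, in the option parser outside this hunk, that an unrecognised name is reported as a configuration error rather than ignored, since otherwise an administrator who sets it would still get session tickets without any warning. The `ssl_options[]` initializer begins and ends outside the hunk.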